Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,

[Peter Gutmann]

>When talking to a police officer in Amsterdam, he needed to make a phone call
>on his cell-phone.  Interestingly, he used a Nokia 9000i, so we got to be
>talking phones/GSM, among the things he said that attracted my attention were:
>
>       - Eavesdropping GSM isn't all that hard (and when asked for
>         clarification, he seemed to indicate that he wasn't talking about
>         microwave links or exchange based interceptions)
>         Or perhaps we don't use encryption for GSM in the Netherlands?
 
The Dutch GSM system was modified (at considerable cost) when it was installed
to make eavesdropping both possible and relatively easy.  The reason this is
known is that one GSM vendor claimed that the cost of making these
modifications was what it would cost for someone to break GSM - I've actually
seen their salesdroids quoting this "fact" to customers.
 
>There are many on this list who know a great deal more than I do about GSM but
>I suspect that the A5 algorithm only protects the communications between the
>phone and the nearest tx/rx node.  I would guess that data in the swtiches,
>and that in transit between them, is not cryptographically protected.
 
It isn't protected.  If you break into the switch (or, in many countries, if
you're the police and have legitimate access), you can both read out the keys
being used (using its diagnostic capabilities) and intercept and generally mess
with any communications going on at the time.
 
Peter.